Spaces:
Running
Running
Update permissions
Browse files- Dockerfile +20 -0
- nginx.conf +7 -0
Dockerfile
CHANGED
|
@@ -19,12 +19,32 @@ RUN npm run build
|
|
| 19 |
# Production stage
|
| 20 |
FROM nginx:alpine
|
| 21 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 22 |
# Copy built assets from builder stage
|
| 23 |
COPY --from=builder /app/dist /usr/share/nginx/html
|
| 24 |
|
| 25 |
# Copy nginx configuration
|
| 26 |
COPY nginx.conf /etc/nginx/conf.d/default.conf
|
| 27 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 28 |
# Expose port 7860 (default for Hugging Face Spaces)
|
| 29 |
EXPOSE 7860
|
| 30 |
|
|
|
|
| 19 |
# Production stage
|
| 20 |
FROM nginx:alpine
|
| 21 |
|
| 22 |
+
# Create nginx cache directories and set permissions
|
| 23 |
+
RUN mkdir -p /var/cache/nginx \
|
| 24 |
+
&& chown -R nginx:nginx /var/cache/nginx \
|
| 25 |
+
&& mkdir -p /var/log/nginx \
|
| 26 |
+
&& chown -R nginx:nginx /var/log/nginx \
|
| 27 |
+
&& mkdir -p /var/lib/nginx \
|
| 28 |
+
&& chown -R nginx:nginx /var/lib/nginx \
|
| 29 |
+
&& touch /var/run/nginx.pid \
|
| 30 |
+
&& chown -R nginx:nginx /var/run/nginx.pid \
|
| 31 |
+
&& chown -R nginx:nginx /etc/nginx
|
| 32 |
+
|
| 33 |
# Copy built assets from builder stage
|
| 34 |
COPY --from=builder /app/dist /usr/share/nginx/html
|
| 35 |
|
| 36 |
# Copy nginx configuration
|
| 37 |
COPY nginx.conf /etc/nginx/conf.d/default.conf
|
| 38 |
|
| 39 |
+
# Update nginx configuration to run as non-root
|
| 40 |
+
RUN sed -i '/user nginx;/d' /etc/nginx/nginx.conf \
|
| 41 |
+
&& sed -i 's,listen 80;,listen 7860;,' /etc/nginx/conf.d/default.conf \
|
| 42 |
+
&& sed -i '/user/d' /etc/nginx/nginx.conf \
|
| 43 |
+
&& chown -R nginx:nginx /usr/share/nginx/html
|
| 44 |
+
|
| 45 |
+
# Switch to non-root user
|
| 46 |
+
USER nginx
|
| 47 |
+
|
| 48 |
# Expose port 7860 (default for Hugging Face Spaces)
|
| 49 |
EXPOSE 7860
|
| 50 |
|
nginx.conf
CHANGED
|
@@ -4,6 +4,13 @@ server {
|
|
| 4 |
root /usr/share/nginx/html;
|
| 5 |
index index.html;
|
| 6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7 |
# Enable gzip compression
|
| 8 |
gzip on;
|
| 9 |
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
| 4 |
root /usr/share/nginx/html;
|
| 5 |
index index.html;
|
| 6 |
|
| 7 |
+
# Specify client body temp path
|
| 8 |
+
client_body_temp_path /tmp/nginx/client_temp;
|
| 9 |
+
proxy_temp_path /tmp/nginx/proxy_temp;
|
| 10 |
+
fastcgi_temp_path /tmp/nginx/fastcgi_temp;
|
| 11 |
+
uwsgi_temp_path /tmp/nginx/uwsgi_temp;
|
| 12 |
+
scgi_temp_path /tmp/nginx/scgi_temp;
|
| 13 |
+
|
| 14 |
# Enable gzip compression
|
| 15 |
gzip on;
|
| 16 |
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|